From: Stefan Schmidt <stefan@datenfreihafen.org>
To: Alexander Aring <aahringo@redhat.com>
Cc: linux-wpan@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH wpan 01/17] net: ieee802154: make shift exponent unsigned
Date: Tue, 2 Mar 2021 22:18:14 +0100 [thread overview]
Message-ID: <b9baaf49-0e25-4c74-e8b7-f826157e1d48@datenfreihafen.org> (raw)
In-Reply-To: <20210228151817.95700-2-aahringo@redhat.com>
Hello Alex.
On 28.02.21 16:18, Alexander Aring wrote:
> This patch changes the iftype type variable to unsigned that it can
> never be reach a negative value.
>
> Reported-by: syzbot+7bf7b22759195c9a21e9@syzkaller.appspotmail.com
> Signed-off-by: Alexander Aring <aahringo@redhat.com>
> ---
> net/ieee802154/nl802154.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
> index e9e4652cd592..3ee09f6d13b7 100644
> --- a/net/ieee802154/nl802154.c
> +++ b/net/ieee802154/nl802154.c
> @@ -898,8 +898,8 @@ static int nl802154_get_interface(struct sk_buff *skb, struct genl_info *info)
> static int nl802154_new_interface(struct sk_buff *skb, struct genl_info *info)
> {
> struct cfg802154_registered_device *rdev = info->user_ptr[0];
> - enum nl802154_iftype type = NL802154_IFTYPE_UNSPEC;
> __le64 extended_addr = cpu_to_le64(0x0000000000000000ULL);
> + u32 type = NL802154_IFTYPE_UNSPEC;
>
> /* TODO avoid failing a new interface
> * creation due to pending removal?
>
I am concerned about this one. Maybe you can shed some light on it.
NL802154_IFTYPE_UNSPEC is -1 which means the u32 will not hold this
value, but something at the end of the range for u32.
There is a path (info->attrs[NL802154_ATTR_IFTYPE] is not true) where we
put type forward to rdev_add_virtual_intf() with its changed value but
it would expect and enum which could hold -1 for UNSPEC.
regards
Stefan Schmidt
next prev parent reply other threads:[~2021-03-03 4:23 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-28 15:18 [PATCH wpan 00/17] ieee802154: syzbot fixes Alexander Aring
2021-02-28 15:18 ` [PATCH wpan 01/17] net: ieee802154: make shift exponent unsigned Alexander Aring
2021-03-02 21:18 ` Stefan Schmidt [this message]
2021-03-06 23:35 ` Alexander Aring
2021-02-28 15:18 ` [PATCH wpan 02/17] net: ieee802154: fix memory leak when deliver monitor skbs Alexander Aring
2021-03-01 3:16 ` Alexander Aring
2021-03-02 12:43 ` Stefan Schmidt
2021-02-28 15:18 ` [PATCH wpan 03/17] net: ieee802154: nl-mac: fix check on panid Alexander Aring
2021-03-02 21:33 ` Stefan Schmidt
2021-02-28 15:18 ` [PATCH wpan 04/17] net: ieee802154: forbid monitor for set llsec params Alexander Aring
2021-03-02 21:45 ` Stefan Schmidt
2021-03-06 13:12 ` Alexander Aring
2021-02-28 15:18 ` [PATCH wpan 05/17] net: ieee802154: stop dump llsec keys for monitors Alexander Aring
2021-02-28 15:18 ` [PATCH wpan 06/17] net: ieee802154: forbid monitor for add llsec key Alexander Aring
2021-02-28 15:18 ` [PATCH wpan 07/17] net: ieee802154: forbid monitor for del " Alexander Aring
2021-02-28 15:18 ` [PATCH wpan 08/17] net: ieee802154: stop dump llsec devs for monitors Alexander Aring
2021-02-28 15:18 ` [PATCH wpan 09/17] net: ieee802154: forbid monitor for add llsec dev Alexander Aring
2021-02-28 15:18 ` [PATCH wpan 10/17] net: ieee802154: forbid monitor for del " Alexander Aring
2021-02-28 15:18 ` [PATCH wpan 11/17] net: ieee802154: stop dump llsec devkeys for monitors Alexander Aring
2021-02-28 15:18 ` [PATCH wpan 12/17] net: ieee802154: forbid monitor for add llsec devkey Alexander Aring
2021-02-28 15:18 ` [PATCH wpan 13/17] net: ieee802154: forbid monitor for del " Alexander Aring
2021-02-28 15:18 ` [PATCH wpan 14/17] net: ieee802154: stop dump llsec seclevels for monitors Alexander Aring
2021-02-28 15:18 ` [PATCH wpan 15/17] net: ieee802154: forbid monitor for add llsec seclevel Alexander Aring
2021-02-28 15:18 ` [PATCH wpan 16/17] net: ieee802154: forbid monitor for del " Alexander Aring
2021-02-28 15:18 ` [PATCH wpan 17/17] net: ieee802154: stop dump llsec params for monitors Alexander Aring
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b9baaf49-0e25-4c74-e8b7-f826157e1d48@datenfreihafen.org \
--to=stefan@datenfreihafen.org \
--cc=aahringo@redhat.com \
--cc=linux-wpan@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).